Extracting signatures from Apple .apps - SANS Internet Storm Center

SANS ISC InfoSec Forums

Extracting signatures from Apple .apps
As an add-on to ISC Handler Lenny Zeltser's earlier diary on extracting certificates from signed Windows binaries, here's how to do the same on a Mac. Given that today's blog over at F-Secure documents a screenshot-taking Mac spyware that is signed with a developer ID, signed bad .apps might actually be more prevalent than expected. To verify and extract signatures and certificates on an Apple .app, you can do (example Mail.app) codesign -dvvvv --extract-certificates /Applications/Mail.app This will save the certificates in DER format, named codesign0, codesign1, etc. These can then be displayed as usual with OpenSSL openssl x509 -inform DER -in codesign0 -text	Daniel 367 Posts ISC Handler
Reply Subscribe	May 16th 2013 5 years ago